10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.07 Low
EPSS
Percentile
93.9%
A vulnerabilty in the way Apple Mac OS X iChat handles specially crafted UPnP packets may allow execution of arbitrary code or denial of service.
Apple iChat contains a vulnerability that could be exploited by an attacker on the local network when it attempts to handle specially crafted Universal Plug and Play (UPnP) protocol packets. According to Apple Security Update 2007-005:
A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in iChat.
An unauthenticated attacker on the local network may be able to execute arbitrary code or cause a denial of service.
Upgrade
Apple has addressed this issue in Apple Security Update 2007-005.
116100
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: May 25, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Apple Security Update 2007-005.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23116100 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://docs.info.apple.com/article.html?artnum=305530>
This issue was reported in Apple Security Update 2007-005.
This document was written by Chris Taschner.
CVE IDs: | CVE-2007-2390 |
---|---|
Severity Metric: | 9.98 Date Public: |